May 2017 Container Newsletter.

on June 6, 2017

Hello from all of us here at Sysdig! Even after the hectic last weeks at DockerCon and KubeCon EU, the container tech world is not slowing down, so here it is again: a monthly newsletter to share the latest happenings in the container ecosystem across vendors and open source projects like Docker, Kubernetes, DC/OS Mesos, OpenShift, etc.
We hope you enjoy this! Ping us at @sysdig or on our open source Slack group #sysdig to share anything you feel we should include here. We are looking forward to your contributions!

DOCKER

What is the Moby Project?

Admittedly, the Docker and Moby redefinitions have been somewhat confusing, but maybe it’s all for the better! The former Docker monolith has been broken into smaller, more modular pieces. Learn how everything fits together now.

Docker’s LinuxKit

Along with Moby, we have another newcomer: LinuxKit, a tool to build minimal Linux distributions. Following this tutorial you can build your own lean base container image.

Multi-stage Dockerfile for Go

We already mentioned the new multi-stage Docker feature that helps you avoid the cumbersome 2-container Builder Pattern. This is a working Go compilation example demonstrating this technique.

Docker overlay networks

Blog post delivered in two installments that goes into deep detail on how the Docker network overlay works: network namespaces, VXLAN, Netlink and the internal distributed key-value store. Part 1, Part 2.

Best practices Docker template for NodeJS

A seasoned NodeJS developer shares his best practices, sane defaults and general advice as a GitHub repository, Docker template and documentation included.

Monster list of Docker tips

From general advice to Consul, security, managing secrets and Docker Swarm, it’s certainly a huge compilation of tips. Feel free to cherry-pick the bits most relevant for your use case.

How the Docker CLI talks to the host

Docker is a client/server architecture and the Docker CLI does not need to be in the same host as the daemon. This article decomposes the different parts of this interaction: Docker daemon, REST API, CLI.

Moving your app to Docker, 5 steps to plan ahead

So, you have finally decided you need to get on board and containerize your application. This article will help you write down your requirements and initial migration plan.

Showcase your Docker apps in a single click

Using Play-with-Docker you can embed a button in your Docker Hub or GitHub sites to set up a PWD environment and deploy a stack right away.

KUBERNETES

Four useful Kubernetes tools

kube-applier for automated deployment, kubetop to check resource utilization, kubectx for quick context switching, kubeadm-dind-cluster for development and testing clusters. How could they miss the Sysdig open source troubleshooting tool in this toolkit? ;)

Upgrade your Kubernetes cluster with kubeadm

Upgrading a distributed system is a complex task, especially if you don’t want to miss a beat in your production environment. The fully automated kubeadm upgrade is not here yet, but you can do it with a little bit of tinkering.

Fighting service latency

When you move from a monolith to microservices, you realize you have to consider all the latencies introduced by internal container communication. Keep them in check using features like node affinity.

Run once DaemonSet

What if you need to execute a task exactly once in every container of a deployment? There is a planned feature called CronJob DaemonSet that will address this case, but until then, here is a clever workaround to achieve this behavior.

Write your own Kubernetes scheduler in Python

One of the core components of the Kubernetes head node is the Pod scheduler. You can specify a custom scheduler in your Pod definition. This article illustrates how you can create a basic Python scheduler.

Testing Helm Chart reliability

You probably know Helm already, aka the Kubernetes package manager. It’s time to do a little bit of stress testing to detect possible limitations and caveats. Part 1 and Part 2.

Linkerd 1.0

Buoyant has released version 1.0 of Linkerd, the scalable service mesh for cloud-native applications. Apart from the usual bug fixes and optimizations, it features finer-grained per-service and per-client configurations.

Kubernetes, the smart person’s guide

An executive summary of Kubernetes, listing all the entities, fundamental questions and links to additional resources. A concise cheat sheet for anyone starting with this topic.

OPENSHIFT

Image Streams

The image streams feature allows you to keep a consistent pointer to your images, tracking a known-good version and avoiding breaking your application when an incorrectly tagged image is updated.

Storing OpenShift secrets in Vault

This article starts by describing default secret items and their current limitations, then it offers HashiCorp’s Vault as a security enhancement, deploying a running example.

Is my OpenShift overbooked?

If you are new to OpenShift administration, this is not a trivial question. With this article you will learn about the basic resource management entities and how to monitor them.

MESOS

Free O’Reilly DC/OS book

The development model of new applications is rapidly shifting from VMs to microservices and containers. This ebook outlines how DC/OS can be used to effectively build and run these applications.

Deep learning with DC/OS GPU-based scheduling

GPU offloading, machine learning and Google’s TensorFlow libraries are all the rage. Now it is DC/OS’s turn to demonstrate these technologies in its distributed environment. Part 1 and Part 2.

Marathon and DC/OS by example

Feeling a bit overwhelmed by all the options and configurations required for Service Discovery and Load Balancing on DC/OS? This detailed and thorough blog post will get you started.